<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[208867] trunk</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/208867">208867</a></dd>
<dt>Author</dt> <dd>utatane.tea@gmail.com</dd>
<dt>Date</dt> <dd>2016-11-17 16:37:28 -0800 (Thu, 17 Nov 2016)</dd>
</dl>
<h3>Log Message</h3>
<pre>[JSC] Drop arguments.caller
https://bugs.webkit.org/show_bug.cgi?id=164859
Reviewed by Saam Barati.
JSTests:
* stress/strict-mode-arguments-caller.js: Added.
(strictArguments):
(shouldBe):
Source/JavaScriptCore:
Originally, some JavaScript engine has `arguments.caller` property.
But it easily causes some information leaks and it becomes obstacles
for secure ECMAScript (SES). In ES5, we make it deprecated in strict
mode. To do so, we explicitly set "caller" getter throwing TypeError
to arguments in strict mode.
But now, there is no modern engine which supports `arguments.caller`
in sloppy mode. So the original compatibility problem is gone and
"caller" getter in the strict mode arguments becomes meaningless.
ES2017 drops this from the spec. In this patch, we also drop this
`arguments.caller` in strict mode support.
Note that Function#caller is still alive.
* runtime/ClonedArguments.cpp:
(JSC::ClonedArguments::getOwnPropertySlot):
(JSC::ClonedArguments::put):
(JSC::ClonedArguments::deleteProperty):
(JSC::ClonedArguments::defineOwnProperty):
(JSC::ClonedArguments::materializeSpecials):
LayoutTests:
* js/basic-strict-mode-expected.txt:
* js/script-tests/basic-strict-mode.js:
* js/script-tests/strict-throw-type-error.js:
* js/script-tests/throw-type-error-is-unique.js:
(test):
* js/strict-throw-type-error-expected.txt:</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkJSTestsChangeLog">trunk/JSTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsChangeLog">trunk/LayoutTests/ChangeLog</a></li>
<li><a href="#trunkLayoutTestsjsbasicstrictmodeexpectedtxt">trunk/LayoutTests/js/basic-strict-mode-expected.txt</a></li>
<li><a href="#trunkLayoutTestsjsscripttestsbasicstrictmodejs">trunk/LayoutTests/js/script-tests/basic-strict-mode.js</a></li>
<li><a href="#trunkLayoutTestsjsscripttestsstrictthrowtypeerrorjs">trunk/LayoutTests/js/script-tests/strict-throw-type-error.js</a></li>
<li><a href="#trunkLayoutTestsjsscriptteststhrowtypeerrorisuniquejs">trunk/LayoutTests/js/script-tests/throw-type-error-is-unique.js</a></li>
<li><a href="#trunkLayoutTestsjsstrictthrowtypeerrorexpectedtxt">trunk/LayoutTests/js/strict-throw-type-error-expected.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeClonedArgumentscpp">trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkJSTestsstressstrictmodeargumentscallerjs">trunk/JSTests/stress/strict-mode-arguments-caller.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkJSTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/JSTests/ChangeLog (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/ChangeLog 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/JSTests/ChangeLog 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -1,3 +1,14 @@
</span><ins>+2016-11-17 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [JSC] Drop arguments.caller
+ https://bugs.webkit.org/show_bug.cgi?id=164859
+
+ Reviewed by Saam Barati.
+
+ * stress/strict-mode-arguments-caller.js: Added.
+ (strictArguments):
+ (shouldBe):
+
</ins><span class="cx"> 2016-11-17 Keith Miller <keith_miller@apple.com>
</span><span class="cx">
</span><span class="cx"> Add rotate to Wasm
</span></span></pre></div>
<a id="trunkJSTestsstressstrictmodeargumentscallerjs"></a>
<div class="addfile"><h4>Added: trunk/JSTests/stress/strict-mode-arguments-caller.js (0 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/JSTests/stress/strict-mode-arguments-caller.js (rev 0)
+++ trunk/JSTests/stress/strict-mode-arguments-caller.js 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -0,0 +1,13 @@
</span><ins>+function strictArguments() {
+ "use strict";
+ return arguments;
+}
+
+function shouldBe(actual, expected) {
+ if (actual !== expected)
+ throw new Error('bad value: ' + actual);
+}
+
+shouldBe(strictArguments().caller, undefined);
+shouldBe('caller' in strictArguments(), false);
+shouldBe(Object.getOwnPropertyDescriptor(strictArguments(), 'caller'), undefined);
</ins></span></pre></div>
<a id="trunkLayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/ChangeLog (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/ChangeLog 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/LayoutTests/ChangeLog 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2016-11-17 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [JSC] Drop arguments.caller
+ https://bugs.webkit.org/show_bug.cgi?id=164859
+
+ Reviewed by Saam Barati.
+
+ * js/basic-strict-mode-expected.txt:
+ * js/script-tests/basic-strict-mode.js:
+ * js/script-tests/strict-throw-type-error.js:
+ * js/script-tests/throw-type-error-is-unique.js:
+ (test):
+ * js/strict-throw-type-error-expected.txt:
+
</ins><span class="cx"> 2016-11-17 Ryan Haddad <ryanhaddad@apple.com>
</span><span class="cx">
</span><span class="cx"> Update TestExpectations for media/modern-media-controls/pip-support/pip-support-enabled.html.
</span></span></pre></div>
<a id="trunkLayoutTestsjsbasicstrictmodeexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/basic-strict-mode-expected.txt (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/basic-strict-mode-expected.txt 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/LayoutTests/js/basic-strict-mode-expected.txt 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -57,13 +57,13 @@
</span><span class="cx"> PASS (function (){'use strict'; with(1){};}) threw exception SyntaxError: 'with' statements are not valid in strict mode..
</span><span class="cx"> PASS (function(){(function (){'use strict'; with(1){};})}) threw exception SyntaxError: 'with' statements are not valid in strict mode..
</span><span class="cx"> PASS (function (){'use strict'; arguments.callee; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><del>-PASS (function (){'use strict'; arguments.caller; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</del><ins>+PASS (function (){'use strict'; return arguments.caller; })() is undefined
</ins><span class="cx"> PASS (function f(){'use strict'; f.arguments; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><span class="cx"> PASS (function f(){'use strict'; f.caller; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><span class="cx"> PASS (function f(){'use strict'; f.arguments=5; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><span class="cx"> PASS (function f(){'use strict'; f.caller=5; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><span class="cx"> PASS (function (arg){'use strict'; arguments.callee; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><del>-PASS (function (arg){'use strict'; arguments.caller; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</del><ins>+PASS (function (arg){'use strict'; return arguments.caller; })() is undefined
</ins><span class="cx"> PASS (function f(arg){'use strict'; f.arguments; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><span class="cx"> PASS (function f(arg){'use strict'; f.caller; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><span class="cx"> PASS (function f(arg){'use strict'; f.arguments=5; })() threw exception TypeError: 'arguments', 'callee', and 'caller' cannot be accessed in this context..
</span><span class="lines">@@ -184,8 +184,7 @@
</span><span class="cx"> PASS (function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(f.__proto__, 'arguments').value; })() is undefined.
</span><span class="cx"> PASS (function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(f.__proto__, 'caller').value; })() is undefined.
</span><span class="cx"> PASS (function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(arguments, 'callee').value; })() is undefined.
</span><del>-PASS (function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(arguments, 'caller').value; })() is undefined.
-PASS (function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(arguments, 'caller'); return descriptor.get === descriptor.set; })() is true
</del><ins>+PASS (function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(arguments, 'caller'); })() is undefined.
</ins><span class="cx"> PASS (function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(arguments, 'callee'); return descriptor.get === descriptor.set; })() is true
</span><span class="cx"> PASS (function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(f.__proto__, 'caller'); return descriptor.get === descriptor.set; })() is true
</span><span class="cx"> PASS (function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(f.__proto__, 'arguments'); return descriptor.get === descriptor.set; })() is true
</span></span></pre></div>
<a id="trunkLayoutTestsjsscripttestsbasicstrictmodejs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/script-tests/basic-strict-mode.js (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/basic-strict-mode.js 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/LayoutTests/js/script-tests/basic-strict-mode.js 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -74,13 +74,13 @@
</span><span class="cx"> shouldBeSyntaxError("(function (){var a; function f() {'use strict'; delete a;} })()");
</span><span class="cx"> shouldBeSyntaxError("(function (){'use strict'; with(1){};})");
</span><span class="cx"> shouldThrow("(function (){'use strict'; arguments.callee; })()");
</span><del>-shouldThrow("(function (){'use strict'; arguments.caller; })()");
</del><ins>+shouldBe("(function (){'use strict'; return arguments.caller; })()", "undefined");
</ins><span class="cx"> shouldThrow("(function f(){'use strict'; f.arguments; })()");
</span><span class="cx"> shouldThrow("(function f(){'use strict'; f.caller; })()");
</span><span class="cx"> shouldThrow("(function f(){'use strict'; f.arguments=5; })()");
</span><span class="cx"> shouldThrow("(function f(){'use strict'; f.caller=5; })()");
</span><span class="cx"> shouldThrow("(function (arg){'use strict'; arguments.callee; })()");
</span><del>-shouldThrow("(function (arg){'use strict'; arguments.caller; })()");
</del><ins>+shouldBe("(function (arg){'use strict'; return arguments.caller; })()", "undefined");
</ins><span class="cx"> shouldThrow("(function f(arg){'use strict'; f.arguments; })()");
</span><span class="cx"> shouldThrow("(function f(arg){'use strict'; f.caller; })()");
</span><span class="cx"> shouldThrow("(function f(arg){'use strict'; f.arguments=5; })()");
</span><span class="lines">@@ -181,8 +181,7 @@
</span><span class="cx"> shouldBeUndefined("(function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(f.__proto__, 'arguments').value; })()");
</span><span class="cx"> shouldBeUndefined("(function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(f.__proto__, 'caller').value; })()");
</span><span class="cx"> shouldBeUndefined("(function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(arguments, 'callee').value; })()");
</span><del>-shouldBeUndefined("(function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(arguments, 'caller').value; })()");
-shouldBeTrue("(function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(arguments, 'caller'); return descriptor.get === descriptor.set; })()");
</del><ins>+shouldBeUndefined("(function f(arg){'use strict'; return Object.getOwnPropertyDescriptor(arguments, 'caller'); })()");
</ins><span class="cx"> shouldBeTrue("(function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(arguments, 'callee'); return descriptor.get === descriptor.set; })()");
</span><span class="cx"> shouldBeTrue("(function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(f.__proto__, 'caller'); return descriptor.get === descriptor.set; })()");
</span><span class="cx"> shouldBeTrue("(function f(arg){'use strict'; var descriptor = Object.getOwnPropertyDescriptor(f.__proto__, 'arguments'); return descriptor.get === descriptor.set; })()");
</span><span class="lines">@@ -212,4 +211,4 @@
</span><span class="cx"> shouldBeTrue("(function () {try { throw 1; } catch (e) { aGlobal = true; }})(); aGlobal;");
</span><span class="cx">
</span><span class="cx"> // Make sure this doesn't crash!
</span><del>-shouldBe('String(Object.getOwnPropertyDescriptor((function() { "use strict"; }).__proto__, "caller").get)', "'function () {\\n [native code]\\n}'");
</del><span class="cx">\ No newline at end of file
</span><ins>+shouldBe('String(Object.getOwnPropertyDescriptor((function() { "use strict"; }).__proto__, "caller").get)', "'function () {\\n [native code]\\n}'");
</ins></span></pre></div>
<a id="trunkLayoutTestsjsscripttestsstrictthrowtypeerrorjs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/script-tests/strict-throw-type-error.js (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/strict-throw-type-error.js 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/LayoutTests/js/script-tests/strict-throw-type-error.js 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -14,7 +14,7 @@
</span><span class="cx"> var boundFunction1 = strictArgumentsFunction1.bind();
</span><span class="cx"> var functionCaller1 = getter(strictArgumentsFunction1.__proto__, "caller");
</span><span class="cx"> var functionArguments1 = getter(strictArgumentsFunction1.__proto__, "arguments");
</span><del>-var argumentsCaller1 = getter(strictArguments1, "caller");
</del><ins>+var argumentsCaller1 = Object.getOwnPropertyDescriptor(strictArguments1, "caller");
</ins><span class="cx"> var argumentsCallee1 = getter(strictArguments1, "callee");
</span><span class="cx"> var boundCaller1 = getter(boundFunction1, "caller");
</span><span class="cx"> var boundArguments1 = getter(boundFunction1, "arguments");
</span><span class="lines">@@ -28,7 +28,7 @@
</span><span class="cx"> var boundFunction2 = strictArgumentsFunction2.bind();
</span><span class="cx"> var functionCaller2 = getter(strictArgumentsFunction2.__proto__, "caller");
</span><span class="cx"> var functionArguments2 = getter(strictArgumentsFunction2.__proto__, "arguments");
</span><del>-var argumentsCaller2 = getter(strictArguments2, "caller");
</del><ins>+var argumentsCaller2 = Object.getOwnPropertyDescriptor(strictArguments2, "caller");
</ins><span class="cx"> var argumentsCallee2 = getter(strictArguments2, "callee");
</span><span class="cx"> var boundCaller2 = getter(boundFunction2, "caller");
</span><span class="cx"> var boundArguments2 = getter(boundFunction2, "arguments");
</span><span class="lines">@@ -36,13 +36,13 @@
</span><span class="cx"> shouldBeTrue('functionCaller1 === functionCaller2');
</span><span class="cx">
</span><span class="cx"> shouldBeTrue('functionCaller1 === functionArguments1');
</span><del>-shouldBeTrue('functionCaller1 === argumentsCaller1');
</del><ins>+shouldBe('argumentsCaller1', 'undefined');
</ins><span class="cx"> shouldBeTrue('functionCaller1 === argumentsCallee1');
</span><span class="cx"> shouldBeTrue('functionCaller1 === boundCaller1');
</span><span class="cx"> shouldBeTrue('functionCaller1 === boundArguments1');
</span><span class="cx">
</span><span class="cx"> shouldBeTrue('functionCaller2 === functionArguments2');
</span><del>-shouldBeTrue('functionCaller2 === argumentsCaller2');
</del><ins>+shouldBe('argumentsCaller2', 'undefined');
</ins><span class="cx"> shouldBeTrue('functionCaller2 === argumentsCallee2');
</span><span class="cx"> shouldBeTrue('functionCaller2 === boundCaller2');
</span><span class="cx"> shouldBeTrue('functionCaller2 === boundArguments2');
</span></span></pre></div>
<a id="trunkLayoutTestsjsscriptteststhrowtypeerrorisuniquejs"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/script-tests/throw-type-error-is-unique.js (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/script-tests/throw-type-error-is-unique.js 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/LayoutTests/js/script-tests/throw-type-error-is-unique.js 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -44,7 +44,7 @@
</span><span class="cx">
</span><span class="cx"> function test()
</span><span class="cx"> {
</span><del>- let baseThrowTypeErrorFunction = Object.getOwnPropertyDescriptor(arguments, "caller").get;
</del><ins>+ let baseThrowTypeErrorFunction = Object.getOwnPropertyDescriptor(arguments, "callee").get;
</ins><span class="cx">
</span><span class="cx"> let sources = [
</span><span class="cx"> new ThrowTypeErrorSource("Function.prototype", Function.prototype, ["arguments", "caller"]),
</span></span></pre></div>
<a id="trunkLayoutTestsjsstrictthrowtypeerrorexpectedtxt"></a>
<div class="modfile"><h4>Modified: trunk/LayoutTests/js/strict-throw-type-error-expected.txt (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/LayoutTests/js/strict-throw-type-error-expected.txt 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/LayoutTests/js/strict-throw-type-error-expected.txt 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -5,12 +5,12 @@
</span><span class="cx">
</span><span class="cx"> PASS functionCaller1 === functionCaller2 is true
</span><span class="cx"> PASS functionCaller1 === functionArguments1 is true
</span><del>-PASS functionCaller1 === argumentsCaller1 is true
</del><ins>+PASS argumentsCaller1 is undefined
</ins><span class="cx"> PASS functionCaller1 === argumentsCallee1 is true
</span><span class="cx"> PASS functionCaller1 === boundCaller1 is true
</span><span class="cx"> PASS functionCaller1 === boundArguments1 is true
</span><span class="cx"> PASS functionCaller2 === functionArguments2 is true
</span><del>-PASS functionCaller2 === argumentsCaller2 is true
</del><ins>+PASS argumentsCaller2 is undefined
</ins><span class="cx"> PASS functionCaller2 === argumentsCallee2 is true
</span><span class="cx"> PASS functionCaller2 === boundCaller2 is true
</span><span class="cx"> PASS functionCaller2 === boundArguments2 is true
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/Source/JavaScriptCore/ChangeLog 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -1,3 +1,32 @@
</span><ins>+2016-11-17 Yusuke Suzuki <utatane.tea@gmail.com>
+
+ [JSC] Drop arguments.caller
+ https://bugs.webkit.org/show_bug.cgi?id=164859
+
+ Reviewed by Saam Barati.
+
+ Originally, some JavaScript engine has `arguments.caller` property.
+ But it easily causes some information leaks and it becomes obstacles
+ for secure ECMAScript (SES). In ES5, we make it deprecated in strict
+ mode. To do so, we explicitly set "caller" getter throwing TypeError
+ to arguments in strict mode.
+
+ But now, there is no modern engine which supports `arguments.caller`
+ in sloppy mode. So the original compatibility problem is gone and
+ "caller" getter in the strict mode arguments becomes meaningless.
+
+ ES2017 drops this from the spec. In this patch, we also drop this
+ `arguments.caller` in strict mode support.
+
+ Note that Function#caller is still alive.
+
+ * runtime/ClonedArguments.cpp:
+ (JSC::ClonedArguments::getOwnPropertySlot):
+ (JSC::ClonedArguments::put):
+ (JSC::ClonedArguments::deleteProperty):
+ (JSC::ClonedArguments::defineOwnProperty):
+ (JSC::ClonedArguments::materializeSpecials):
+
</ins><span class="cx"> 2016-11-17 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> Inlining should be disallowed when JSC_alwaysUseShadowChicken=true.
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeClonedArgumentscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp (208866 => 208867)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp 2016-11-18 00:23:34 UTC (rev 208866)
+++ trunk/Source/JavaScriptCore/runtime/ClonedArguments.cpp 2016-11-18 00:37:28 UTC (rev 208867)
</span><span class="lines">@@ -180,17 +180,11 @@
</span><span class="cx"> FunctionExecutable* executable = jsCast<FunctionExecutable*>(thisObject->m_callee->executable());
</span><span class="cx"> bool isStrictMode = executable->isStrictMode();
</span><span class="cx">
</span><del>- if (isStrictMode) {
- if (ident == vm.propertyNames->callee) {
</del><ins>+ if (ident == vm.propertyNames->callee) {
+ if (isStrictMode) {
</ins><span class="cx"> slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter());
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><del>- if (ident == vm.propertyNames->caller) {
- slot.setGetterSlot(thisObject, DontDelete | DontEnum | Accessor, thisObject->globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter());
- return true;
- }
-
- } else if (ident == vm.propertyNames->callee) {
</del><span class="cx"> slot.setValue(thisObject, 0, thisObject->m_callee.get());
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="lines">@@ -217,7 +211,6 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx">
</span><span class="cx"> if (ident == vm.propertyNames->callee
</span><del>- || ident == vm.propertyNames->caller
</del><span class="cx"> || ident == vm.propertyNames->iteratorSymbol) {
</span><span class="cx"> thisObject->materializeSpecialsIfNecessary(exec);
</span><span class="cx"> PutPropertySlot dummy = slot; // Shadow the given PutPropertySlot to prevent caching.
</span><span class="lines">@@ -233,7 +226,6 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx">
</span><span class="cx"> if (ident == vm.propertyNames->callee
</span><del>- || ident == vm.propertyNames->caller
</del><span class="cx"> || ident == vm.propertyNames->iteratorSymbol)
</span><span class="cx"> thisObject->materializeSpecialsIfNecessary(exec);
</span><span class="cx">
</span><span class="lines">@@ -246,7 +238,6 @@
</span><span class="cx"> VM& vm = exec->vm();
</span><span class="cx">
</span><span class="cx"> if (ident == vm.propertyNames->callee
</span><del>- || ident == vm.propertyNames->caller
</del><span class="cx"> || ident == vm.propertyNames->iteratorSymbol)
</span><span class="cx"> thisObject->materializeSpecialsIfNecessary(exec);
</span><span class="cx">
</span><span class="lines">@@ -261,10 +252,9 @@
</span><span class="cx"> FunctionExecutable* executable = jsCast<FunctionExecutable*>(m_callee->executable());
</span><span class="cx"> bool isStrictMode = executable->isStrictMode();
</span><span class="cx">
</span><del>- if (isStrictMode) {
</del><ins>+ if (isStrictMode)
</ins><span class="cx"> putDirectAccessor(exec, vm.propertyNames->callee, globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), DontDelete | DontEnum | Accessor);
</span><del>- putDirectAccessor(exec, vm.propertyNames->caller, globalObject()->throwTypeErrorArgumentsCalleeAndCallerGetterSetter(), DontDelete | DontEnum | Accessor);
- } else
</del><ins>+ else
</ins><span class="cx"> putDirect(vm, vm.propertyNames->callee, JSValue(m_callee.get()));
</span><span class="cx">
</span><span class="cx"> putDirect(vm, vm.propertyNames->iteratorSymbol, globalObject()->arrayProtoValuesFunction(), DontEnum);
</span></span></pre>
</div>
</div>
</body>
</html>